This is a very complex problem. I'm hoping to find an expert detective.
I have W7, and never used Kaspersky, but my registry contains a folder called Kaspersky.
I can't get rid of it. So that tells me it is illegitimate on my PC. Especially now, in light of the fact that Kaspersky is now under suspicion as a participant in Russian hacking. I learned of its existence from a good scanner, Wise Care 365. It only cleans registry stuff that is obvious junk. It tells me the Kaspersky is an empty key, so I delete it, but it comes right back. I can get to the Kaspersky folder through Wise, by right-clicking to show the registry item it found. Once I'm looking at the folder Wise helped me find, I try to delete it and am refused. I am the administrator.
What can I do about it? I want it gone.
Something is REALLY wrong here.
I did a RegEdit search. Couldn't get to that folder, because there are also 3 Kaspersky references in a folder called DriverStore. I tried to check out klif.inf, but in both places where it appeared in the registry, it could not be found in a search. (I use "Everything" for searches, because W7's search engine is putrid.)
While I was searching the registry, Zone Alarm popped up that Registry Editor was trying to load a driver. I couldn't read its name - too small, and couldn't copy it. But I went to ZA to tell me more, and it said programs rarely, if ever, need to load a driver, and suggested that my Registry editor might be corrupted. I scan often for malware, and my registry has never cropped up.
I've cut-pasted that ZA comment here:
"Registry Editor may be malicious. It may be attempting to affect other programs or the security of the system. Programs do not normally need to load a driver."
When I tried to delete the Kaspersky folder accessed through Wise, I got the same persistent popup, as well as being refused on delete. So I couldn't search any further. There might be more Kaspersky stuff in my registry.
Do you think I should try to delete those 3 drivers in the registry? Haven't tried, but bet I'd be refused. Is there a way to find out what kind of drivers they are? What they DO? And which hardware they are used by? There's always a hardware associated with a driver.
Though I kept clicking deny and to remember the denial, ZA kept popping up the same thing. Now I'm even more suspicious, but with RegEdit, too.
Now I think I know why. Without permitting the driver, I could not continue the scan for Kaspersky.
I searched for my registry. It showed this path: C:\Windows\System32\Tasks\Microsoft\Windows\Registry but there was no registry there. Just a 4KB file, "RegidleBackup."
I checked the properties of RegEdit. Its compatibility is for Windows Server 2008 (Service pack 1).
I DO NOT, and never have, used a Windows Server OS. But I can't change the compatibility for this, and I can't change the settings - they're faded out.
I'm scared of making changes to my registry, even using System Restore, which I've never used. Once I used CCleaner, and it erased ALL of my 40 videos. I now have 3 times as many videos.
It seems clear my system has been "handled." Okay, if you're confused, so am I. But I'm no geek. CAN you help me?
I've been advised in the past to use some powerful software to clean my system for other problems. It's a complicated procedure, and I fear using them. CCleaner was one of those, which I wouldn't touch, ever again.
If I could save my videos, I might try. But RW CDROMs aren't big enough.
I want to know what was done to my system, how this happened, and why. Preferably also by WHOM. My system runs VERY slowly, and I'd bet this is part of the reason. Seems none of the antivirus, nor ZA, works very well. They can't stop much and can't fix anything, even tho I keep them up to date and scan often. Malware outsmarts them all.
Thanks very much.